Cloud Security

What is Cloud Security?

Cloud security is a subset of cyber security that involves a multi-pronged approach to protecting all assets that are placed on a cloud, including virtualized IP, data, applications, services, and cloud infrastructure.

Why is cloud security important?

According to recent research, 97 percent of organizations across the globe use some form of cloud service. Of that total, 25 percent have had data stolen, and 20 percent have had their cloud infrastructure attacked.

Being on a cloud platform introduces new risks that enterprises must prioritize within their cyber security programs. A robust cloud security program establishes the policies, technologies, applications, and controls used to protect an enterprise from threats.

Who’s responsible for cloud security?

Cloud service providers (CSPs) and organizations share security responsibilities. CSPs generally provide the physical security for cloud infrastructure. Organizational IT staff are responsible for configuring access controls with strict authorization levels based on need to work with the data.

How does cloud security work?

A cloud security program monitors all activity in the cloud and has established plans in place to react quickly in the event of a breach. In general, cloud security has four main objectives: protect, detect, contain, and recover.

To accomplish these four goals, enterprises deploy a mix of policies, tools, and controls that are then always in effect.

Policies: Enterprises should build security into the development process of any product or service. That means that rather than relying on a separate security verification team, a policy should mandate that DevOps and DevSecOps be included within the business unit creating the new offering. A policy that requires departments and personnel to participate in asset identification, classification, and accountability also helps build awareness and protection.

Proper configuration: IT departments need to configure cloud assets to separate data from operations and automatically identify and permit access to only the people and systems that need it to do their jobs.

Centralized management: Many organizations implement different cloud solutions, with different providers who offer their own management tools. Unifying cloud security across all services and providers gives IT visibility into every access point from one place, making it easier to monitor and detect threats.

Constant monitoring: Using tools that are readily available, IT can see what cloud computing platforms and services their users are accessing and what activities might put the organization at risk. In addition, such tools can ensure that all security and compliance requirements are met 24/7. Regular audits of apps and devices in use and assessments of potential risks should also always be on.

Data protection: Enterprises use a variety of tactics to prevent data loss and/or spillage. These include VPN, encryption, masking (encrypting identifying info), and Transport Layer Security (TLS) to prevent eavesdropping and tampering with messages.

Maintenance: Maintaining redundancy and full data backups stored somewhere else is essential, and many service providers bundle these into their subscriptions. Moreover, keeping up with updates and security patch software is usually handled by the service provider, but internal IT is responsible for patching their own services.

What are the benefits of cloud security?

The ability to mitigate threats benefits an enterprise, keeping operations running full-bore despite the risks of using cloud services. The main advantages of cloud security boil down to what it prevents: unauthorized users and malicious activity. The following are a mix of advantages to implementing a cloud security program.

  • Preventing DDoS attacks: With constant monitoring and analysis and mitigation tools, cloud security programs are prepared to stamp out the growing threat of these sophisticated attacks.
  • Protecting data: By separating data from users and applications, sensitive data is pooled in a secure place where access is automatically controlled.
  • Greater visibility: With one integrated cloud security program, IT has a single point from which they can monitor all activity, rather than having to keep an eye on multiple clouds.
  • Higher availability: Due to the redundancies built into cloud security, resources and applications are always on and ready for access.
  • Regulatory compliance: By automatically encrypting data during transmission and controlling access to it when it’s stored, organizations meet DOD and federal regulations.
  • Business continuity: The redundancies built into cloud security not only secure data and resources from bad actors, they also serve to ensure that business operations can continue despite weather and power disruptions.

What challenges does cloud security need to overcome?

As the volume and pace of cloud deployments increases, so too do the risks to the overall resources placed on the cloud. Companies often use multiple clouds at the same time, with different clouds for different functions, further multiplying those risks. The following are some of the challenges to cloud-based security.


Placing so many resources and activities off premises and on the cloud means that IT has poor visibility into every point of access. These avenues are much more easily controlled when everything resides on premises.

DDoS Attacks

Record-breaking numbers of Distributed Denial of Service (DDOS) attacks make keeping up with the pace a real strain on all players involved on the cloud—including providers and subscribers. The speed and agility needed continues to climb and the burden must be shared across organizations and providers.


To reduce the risk of sensitive information flows to and through cloud services, integrating on-site data loss prevention with cloud providers is a must. IT should run manual or automated data classification even before uploading the data to the cloud and keep user authorization controls in house.


Sometimes the threat comes from internal users, whether intentional or accidental. IT should have a three-pronged approach to mitigating this risk:

  • Restricting sensitive data to only managed devices
  • Using behavioral analytics to monitor activity
  • Training users frequently

How does HPE help customers with cloud security?

HPE offers many products and solutions that go beyond perimeter security to prevent, detect, and recover from threats. As an industry leader, HPE delivers innovations in firmware protection, malware detection, and firmware recovery—right down to the silicon. With HPE tools and solutions, you can manage and protect multiple, geographically distributed locations from advanced threats.

Aruba Edge-to-Cloud Security offers you full visibility, control, and enforcement with built-in network security solutions. It also provides policy enforcement firewalls, dynamic access segmentation, and deep packet inspection (DPI) combined with application classification and web content filtering to help you keep up with a constantly changing threat landscape.

ClearPass Device Insight automates discovery for unidentified and unmanaged devices that attempt to access your systems. ClearPass Policy Manager centralizes user and device authentication, role-based access policies, and continuous attack response.

HPE also offers cloud-based security controls to preserve the performance and cost-effectiveness of your cloud and broadband connections. These tools protect both LANs and WANs from internal and external threats.

Finally, HPE helps you through the entire process of implementing your cloud security program, from defining strategy to design and integration so you have intelligent data protection.